rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-01-17 06:52:27 +01:00
Code Issues Releases Activity

[security] CVE-2018-8048

Browse Source
This commit is contained in:
Sylvain 2018-03-27 10:17:41 +02:00
parent 59152c3485
commit d606130bc3
2 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
CHANGELOG.md
View File

@ -1,17 +1,18 @@
# Changelog Fab Manager
## next release
- Updated Omniauth to fix Hashie warnings [omniauth#872](https://github.com/omniauth/omniauth/issues/872)
- Updated OmniAuth to fix Hashie warnings [omniauth#872](https://github.com/omniauth/omniauth/issues/872)
- Fix a security issue: dependency loofah has a vulnerability as described in [CVE-2018-8048](https://github.com/flavorjones/loofah/issues/144)
## v2.6.4 2018 March 15
- Ability to share trainings on social medias
- Fix a bug: a reminder notification were sent for canceled reservations
- Fix a bug: sharing an event on facebook has HTML tags in the description
- fix stripe api version, all fabmanagers has to use this version because codebase relies on it
- updates omniauth to ~> 1.3.2 (security vulnerability)
- updates rack-protection to 1.5.5 (security vulnerability) see [this link](https://github.com/sinatra/sinatra/issues/1408) and [this link](https://github.com/sinatra/rack-protection/pull/122)
- updates twitter gem in order to get rid of security warning from gem "http"
- Set Stripe API version, all fab-managers has to use this version because codebase relies on it
- Fix a security issue: OmniAuth < 1.3.2 has a security vulnerability described in [CVE-2017-18076](https://nvd.nist.gov/vuln/detail/CVE-2017-18076)
- Fix a security issue: rack-protection < 1.5.5 has a security vulnerability described in [CVE-2018-1000119](https://nvd.nist.gov/vuln/detail/CVE-2018-1000119)
- Fix a security issue: http gem < 0.7.3 has a security vulnerability described in [CVE-2015-1828](https://nvd.nist.gov/vuln/detail/CVE-2015-1828), updates twitter gem as a dependency
## v2.6.3 2018 January 2

6
Gemfile.lock
View File

@ -136,7 +136,7 @@ GEM
tins (>= 1.6.0, < 2)
crack (0.4.3)
safe_yaml (~> 1.0.0)
crass (1.0.2)
crass (1.0.3)
daemons (1.2.4)
database_cleaner (1.4.1)
debug_inspector (0.0.3)
@ -234,7 +234,7 @@ GEM
activesupport (>= 3.0.0)
kgio (2.9.3)
libv8 (3.16.14.11)
loofah (2.1.1)
loofah (2.2.2)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.0)
@ -274,7 +274,7 @@ GEM
net-ssh-gateway (1.2.0)
net-ssh (>= 2.6.5)
netrc (0.10.3)
nokogiri (1.8.1)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
notify_with (0.0.2)
jbuilder (~> 2.0)